Dealing with Double Kill: The Latest Microsoft Zero-Day

Microsoft’s Patch Tuesday update in May addressed several critical flaws in Windows. One of the key vulnerabilities was a zero-day exploited in the wild affecting the VBScript engine (CVE-2018-8174). This vulnerability, dubbed Double Kill, allowed attackers to compromise Windows machines through Internet Explorer.

Microsoft Office documents: Attackers can also embed an ActiveX control marked “safe for initialization” within Microsoft Office documents that host an IE rendering engine.

Spear-phishing emails: Attackers can use a combination of the methods above with email – delivering a malicious document or malicious URL to initiate a targeted attack.

This vulnerability demands swift attention because it enables attackers to remotely take control of infected systems, which can result in ransomware installation, eavesdropping, and data manipulation attacks.

While nation-state actors may have already started exploiting this zero-day, the exploit will eventually make its way into the vast set of exploit kits used by attackers. And given the prevalence of the Windows OS, almost every organization is vulnerable to this threat. If WannaCry is any indication of the breadth of damage (300,000+ machines infected), this threat definitely warrants swift and comprehensive action by organizations to control damage.

The good news: Microsoft is increasingly moving toward deprecating VBScript. However, many organizations still have at least a few older machines and older browsers, and updates are often slow or limited, so your organization may still have vulnerable machines. It’s always good to ensure that your security covers these cases too.

What can you do?

Of course, ensure you’re aware of this issue and patch your end-user systems and servers at the earliest opportunity. Also, understand the breadth of BYOD users and ensure their systems are appropriately patched.

Further, look at new technologies, such as Remote Browsers, that can help reduce your attack surface in a highly efficient manner.

Gartner identifies Remote Browsers, also known as isolation, as one of the most significant ways an enterprise can reduce the ability of web-based attacks to cause damage. Attackers are likely to bypass most detection approaches at some point and need only to succeed once to cause damage! Therefore, the best way to secure an organization is to isolate the end-user browsing activities from the end-user devices and enterprise networks. This will limit the attack surface and nullify the impact of an attack.

Gartner estimates that isolation can lead to a 70% reduction in attacks compromising end-user systems.